RADIUS user roles and the
Service-Type attribute
Service-Type attribute defined on the RADIUS server, results in the following user role assignment on the switch:
Service-Type |
User role assigned | Description |
|---|---|---|
Not set |
None (authentication error) | Service-Type not set, so the user is denied access.
|
7 NAS-Prompt
|
operators |
Map the user to
operators role as RADIUS Service-Type 7.
|
6 Administrative
|
administrators |
Map the user to
administrators role as RADIUS Service-Type 6.
|
Other than 6 or 7 |
None (authentication error) | As per RFC 2865, NAS does not need to be implemented with all Service-Types. It treats unsupported Service-Type as Access-Reject. |